HackDig : Dig high-quality web security articles for hacker

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns.
The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns.
The C

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS.
The Drupal security team has discovered a critical vulnerability in a third-party module named References.
The Drupal team published a Security advisory on April 12 informing its users of the critical flaw.
The flaw has a hug

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities.
The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for

Drupal developers have released updates for versions 7 and 8 that fix security issues which could expose websites to cyber attacks.
The Drupal development team has released security updates for versions 7 and 8. The updates fix security vulnerabilities that could expose websites running on the popular CMS and data they manage to security risks, including inf

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet.
According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year.
Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related to compromised websites o

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and creating a peer-to-peer botnet.
A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn.
Security researchers from the firm D

Are you a fan of Warframe? If so, Digital Extremes, the company behind the popular online game for the Xbox One, PlayStation 4 and PC, has some bad news for you. Last week we were made aware of a potential web server breach that occurred in November 2014. At the time, we believed this to be a phishing scam as our account server was secure. After a thorough rev

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites.
It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drup

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely take over the vulnerable websites.
A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior

A researcher has identified three security issues in Drupal that could expose unsuspecting web admins to various attacks. Fernando Arnaboldi, a senior security researcher and consultant at IOActive, discusses the three issues in a post on his company’s blog. The first issue is that when the Drupal update process fails, certain versions of Drupal will no

By Fernando Arnaboldi
Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drup

A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public tweets and authenticating via Twitter. T

There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (

Welcome to the Episode in which we describe the answer to the Ultimate Question of Life, the Universe, and Everything. Maybe we’ll just stick to security but we’ve now done 42 of these things.
Kicking off this week with a gigantic combined story about Hacking Team, the story that keeps on giving. We touched on this breach last week but as people

Drupal has released security updates for four vulnerabilities affecting versions 6 and 7 of the content-management system, including a critical bug that could allow attackers to hijack legitimate users’ accounts. The vulnerability (CVE-2015-3234) lies in Drupal’s OpenID module, which enables users to authenticate themselves using the OpenID protoc